move sslversion mapping to netlib
parent
1cc48345e1
commit
2dfba2105b
|
@ -2,7 +2,7 @@ from __future__ import absolute_import
|
|||
import os
|
||||
import re
|
||||
import configargparse
|
||||
from netlib.tcp import Address
|
||||
from netlib.tcp import Address, sslversion_choices
|
||||
|
||||
import netlib.utils
|
||||
|
||||
|
@ -423,15 +423,15 @@ def proxy_ssl_options(parser):
|
|||
group.add_argument(
|
||||
"--ssl-version-client", dest="ssl_version_client",
|
||||
default="secure", action="store",
|
||||
choices=config.sslversion_choices.keys(),
|
||||
help="Set supported SSL/TLS version for client connections. "
|
||||
choices=sslversion_choices.keys(),
|
||||
help="Set supported SSL/TLS versions for client connections. "
|
||||
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
||||
)
|
||||
group.add_argument(
|
||||
"--ssl-version-server", dest="ssl_version_server",
|
||||
default="secure", action="store",
|
||||
choices=config.sslversion_choices.keys(),
|
||||
help="Set supported SSL/TLS version for server connections. "
|
||||
choices=sslversion_choices.keys(),
|
||||
help="Set supported SSL/TLS versions for server connections. "
|
||||
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
||||
)
|
||||
|
||||
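Review bot: The help strings for `--ssl-version-client` and `--ssl-version-server` hard-code what the choices mean ("Defaults to secure, which is TLS1.0+"), while the choices themselves now come from `netlib.tcp.sslversion_choices`, so the security claim in the text can drift from the mapping if netlib changes it. A comment above the two `add_argument` calls, for example `# help text must stay in sync with netlib.tcp.sslversion_choices`, would make that coupling visible. Separately, `choices=sslversion_choices.keys()` lists the options in dict order, which is arbitrary on Python 2 (presumably the target, given the `__future__` import); `choices=sorted(sslversion_choices.keys())` would give a stable usage message. The body of `proxy_ssl_options` starts and ends outside this hunk.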
|
|
|
@ -8,7 +8,7 @@ from netlib import certutils, tcp
|
|||
from netlib.http import authentication
|
||||
|
||||
from .. import utils, platform
|
||||
from netlib.tcp import Address
|
||||
from netlib.tcp import Address, sslversion_choices
|
||||
|
||||
CONF_BASENAME = "mitmproxy"
|
||||
CA_DIR = "~/.mitmproxy"
|
||||
|
@ -98,24 +98,6 @@ class ProxyConfig:
|
|||
self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
|
||||
|
||||
|
||||
"""
|
||||
Map a reasonable SSL version specification into the format OpenSSL expects.
|
||||
Don't ask...
|
||||
https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
|
||||
"""
|
||||
sslversion_choices = {
|
||||
"all": (SSL.SSLv23_METHOD, 0),
|
||||
# SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
|
||||
# TLSv1_METHOD would be TLS 1.0 only
|
||||
"secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
|
||||
"SSLv2": (SSL.SSLv2_METHOD, 0),
|
||||
"SSLv3": (SSL.SSLv3_METHOD, 0),
|
||||
"TLSv1": (SSL.TLSv1_METHOD, 0),
|
||||
"TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
|
||||
"TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
|
||||
}
|
||||
|
||||
|
||||
def process_proxy_options(parser, options):
|
||||
body_size_limit = utils.parse_size(options.body_size_limit)
|
||||
|
||||
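Review bot: Nothing visible in this commit raises the required netlib version, yet the new import `from netlib.tcp import Address, sslversion_choices` in the first hunk of this file will fail with an ImportError at startup against a netlib that predates the move. The deleted block also held the only explanation here of why "secure" is `SSLv23_METHOD` with `OP_NO_SSLv2 | OP_NO_SSLv3` and why `TLSv1_METHOD` would mean TLS 1.0 only. It is worth confirming that this comment travels with the dict into netlib, and leaving a one-line pointer at the import such as `# sslversion_choices: name -> (method, options), defined in netlib.tcp`. If `SSL` was imported in this module only for the removed dict, that import is probably unused now, though the full import block is not visible in these hunks.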
|
|